In AirPort Utility, my Time Capsule has under Manual Setup->Advanced->IPv6 the options Link-local only, host, and tunnel. What are the differences between these options, and which one should be used in which situations?

2 Answers
2

Link-local only: Only create a link-local fe80::/64 address via StateLess Address AutoConfiguration (SLAAC). Link-local addresses are not publicly routable. This is the IPv6 equivalent of IPv4's 169.254/16 link-local addresses. The base station will be reachable via IPv6 only from other devices on the data-link networks (wired and wireless Ethernet) directly connected to the base station. It will not act as an IPv6 router or gateway for any other devices. This is the closest you can get to "IPv6 Off" on an AirPort base station, because the AirPort Utility relies on IPv6 link-local as a last resort for connecting to a local base station even if there is an IPv4 subnet mismatch (IPv6 link-local was engineered with a concept of interface-scoped link-local addresses so that it can be active on all interfaces of all devices at all times and never suffer from subnet mismatches and other connectivity problems that IPv4, even IPv4 link-local, suffered from).
Use this option if you don't want your base station to be reachable from the IPv6 Internet.

Host: The base station will expect to find an IPv6 router on the network, advertising an IPv6 prefix. The base station will use the advertised prefix (and other information in the router advertisement multicast packets) and use SLAAC to create a publicly routable IPv6 address for the base station. The base station will be reachable via IPv6 over the Internet, but it will not act as an IPv6 router or gateway for any other devices on the network.
Use this option if you already have an IPv6 router on your network, and you want your base station to be reachable from the IPv6 Internet.

Router: The base station will expect to have native IPv6 service out its WAN port, and will act as an IPv6 router for devices out its LAN/WLAN ports. (Note: This mode is only in the late-2009 and newer revisions of the AirPort Extreme and Time Capsule)

Manual: The base station will use the (typically publicly-routable) IPv6 static configuration information you give it, to act as an IPv6 router for devices connected via LAN/WLAN (LAN and WLAN are bridged together at the link layer, so they're a single network). The LAN/WLAN-side IPv6 prefix is determined from the IPv6 LAN address you give it, and the prefix length is fixed to /64 (/64 is the minimum prefix length allowed on a single LAN).
Use this option if your upstream network provides native IPv6 connectivity, and they have given you a public routable IPv6 prefix to use on your LAN/WLAN.

Automatic: The base station will attempt to use DHCPv6 Prefix Delegation (RFC 3633) to request that an upstream DHCPv6-PD server delegate a publicly routable IPv6 prefix to it. It will take the prefix it is delegated and act as an IPv6 router for the devices on the LAN/WLAN side of the base station.
Use this option if your upstream network provides native IPv6 connectivity, and they have a DHCPv6-PD server set up to delegate a public routable IPv6 prefix for your base station to use on your LAN/WLAN.

Tunnel: The base station will expect to establish a connection to the IPv6 Internet via an IPv6-in-IPv4 tunnel out the WAN port, and will act as an IPv6 router for its LAN/WLAN-side clients.

Manual: The base station will take the information you give it and try to establish a generic tunnel interface (GIF) IPv6-in-IPv4 tunnel to the tunnel broker/server you specify. It will determine the LAN/WLAN-side prefix from the LAN IPv6 address you give it, and will advertise a /64 prefix on the LAN/WLAN side. It will act as an IPv6 router for any LAN/WLAN-side clients.
Use this option if you don't have native IPv6 service, and if you're connecting to Hurricane Electric's IPv6 tunnel broker at tunnelbroker.net, or SixXS, or similar for manually tunneled IPv6 service.

Automatic: The base station will use 6to4 to automatically create an IPv6-in-IPv4 tunnel to whatever 6to4 gateway it is able to reach via the 6to4 anycast address. The base station will advertise the appropriate 6to4 prefix to its LAN/WLAN-side clients, and act as an IPv6 router for them.
Use this option as a last resort for IPv6 Internet connectivity, I suppose. It's for when you don't get native IPv6 service on your upstream network, and you don't want the hassle and learning curve of setting up a tunnel broker account and a manually-configured tunnel. It'll probably work unless your ISP or network administrator has blocked 6to4 tunnels.

Sometime not long after I wrote this answer, Apple changed the UI in the AirPort Utility and slightly changed the names of these modes. However, the same modes are still there, they're just named slightly differently.
–
SpiffMar 18 '14 at 0:31